One Identity SafeGuard for Privileged Passwords - Authentication Bypass (CVE-2024-45488)

Summary

SafeGuard for Privileged Passwords (SPP) virtual appliance images contain a hard-coded cryptographic key (CWE-321). An attacker can exploit this key to forge arbitrary session cookies, allowing them to authenticate as any known user and gain administrative access to the application.

Note: Technical details are being withheld temporarily to provide organisations sufficient time to apply the necessary patches. A full technical write-up will be published on the AmberWolf blog at a later date.

Impact

  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Base Score: 9.8 (Critical)

Bypassing authentication as a privileged user grants full administrative control over the service, including access to sensitive stored credentials (e.g., managed accounts or personal password vaults).

Affected Versions

Versions earlier than 7.0.5.1 LTS, 7.4.2, and 7.5.2 of the virtual appliance (on VMware and Hyper-V) are affected.

One Identity has stated that non-virtualized platforms, such as the physical appliance, and cloud-based platforms are not affected by this vulnerability.

Mitigation Steps

One Identity has released fixes in versions 7.0.5.1 LTS, 7.4.2, and 7.5.2. Users should follow the vendor’s recommendations outlined in the referenced articles to update their installations.

Timeline

  • 2024-07-10 - Initial details shared with One Identity
  • 2024-07-19 - Full vulnerability report sent to One Identity
  • 2024-07-19 - One Identity provided AmberWolf with a patch to test
  • 2024-07-23 - AmberWolf confirmed the patch fixes the reported issue
  • 2024-08-27 - One Identity released fixes and published advisory / KB article
  • 2024-08-29 - CVE-2024-45488 assigned
  • 2024-09-04 - AmberWolf advisory published

References
